Privacy Policy — Spillit

Last updated: March 2026

      ✦ The short version: Spillit is built on anonymity. We don't collect your name, email, or any personal information. We store confessions as plain text with no link to who wrote them.
    

🌿 What we collect

Spillit is designed to collect as little as possible:

Confession & reply content — the text you post, stored in our database. It contains no information that identifies you unless you choose to include it yourself.
An anonymous session token — a random ID stored as a cookie in your browser (spillit_sid). This is used only to prevent duplicate likes. It contains no personal data and cannot be used to identify you.
Your IP address — used temporarily in memory for rate limiting (to prevent spam). It is never stored in our database.
Category and timestamp — when a confession is posted, we record its category and the time it was posted.

🚫 What we don't collect

Your name, email address, or phone number
Your location or device information
Your browsing history or activity outside Spillit
Any account credentials — there are no accounts
Advertising identifiers or tracking pixels

🍪 Cookies

We use a single cookie: spillit_sid. It is:

httpOnly — JavaScript on the page cannot read it
Signed — tamper-evident, server-verified
Anonymous — a random UUID with no connection to your identity
Long-lived — expires after 1 year so your like preferences persist

We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

📦 How data is used

The data we collect is used only to operate Spillit:

Confession content is displayed publicly in the feed
The session token is used to enforce one-like-per-person on confessions and replies
Reaction and reply counts are public
Reported confessions are reviewed by our admin for moderation

We never sell, share, or transfer your data to third parties for advertising or any commercial purpose.

🗑️ Data retention & deletion

Confessions marked "Disappears in 24h" are automatically removed after 24 hours
Other confessions remain until deleted by our admin team following a report
Because confessions carry no identity, we cannot look up or delete posts by user — if you need content removed, use the Report button on the confession

🌍 Third-party services

Spillit uses Google Fonts to load typefaces. When the page loads, your browser makes a request to Google's servers. Google's privacy policy applies to that request. We use no other third-party services.

👶 Children's privacy

Spillit is intended for users aged 13 and over. We do not knowingly collect information from children under 13. If you believe a child has submitted content, please use the Report button or contact us.

✉️ Contact

Questions about this privacy policy? Reach out at privacy@spillit.app. We'll do our best to respond within 5 business days.